Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-38342

Опубликовано: 10 июл. 2025
Источник: redhat
CVSS3: 4.4
EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved: software node: Correct a OOB check in software_node_get_reference_args() software_node_get_reference_args() wants to get @index-th element, so the property value requires at least '(index + 1) * sizeof(*ref)' bytes but that can not be guaranteed by current OOB check, and may cause OOB for malformed property. Fix by using as OOB check '((index + 1) * sizeof(*ref) > prop->length)'.

Отчет

Exploiting this vulnerability requires the ability to craft or manipulate firmware node properties from kernel space. Such operations typically require high privileges, such as loading kernel modules or using in-kernel interfaces. Therefore, the vulnerability is not accessible to unprivileged users and is classified as Privileges Required: High (PR:H).

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10kernelFix deferred
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 8kernelFix deferred
Red Hat Enterprise Linux 8kernel-rtFix deferred
Red Hat Enterprise Linux 9kernelFix deferred
Red Hat Enterprise Linux 9kernel-rtFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=2379250kernel: software node: Correct a OOB check in software_node_get_reference_args()

EPSS

Процентиль: 8%
0.00035
Низкий

4.4 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-38342

ubuntu
около 1 месяца назад

In the Linux kernel, the following vulnerability has been resolved: software node: Correct a OOB check in software_node_get_reference_args() software_node_get_reference_args() wants to get @index-th element, so the property value requires at least '(index + 1) * sizeof(*ref)' bytes but that can not be guaranteed by current OOB check, and may cause OOB for malformed property. Fix by using as OOB check '((index + 1) * sizeof(*ref) > prop->length)'.

nvd логотип

CVE-2025-38342

nvd
около 1 месяца назад

In the Linux kernel, the following vulnerability has been resolved: software node: Correct a OOB check in software_node_get_reference_args() software_node_get_reference_args() wants to get @index-th element, so the property value requires at least '(index + 1) * sizeof(*ref)' bytes but that can not be guaranteed by current OOB check, and may cause OOB for malformed property. Fix by using as OOB check '((index + 1) * sizeof(*ref) > prop->length)'.

msrc логотип

CVE-2025-38342

msrc
13 дней назад

Описание отсутствует

debian логотип

CVE-2025-38342

debian
около 1 месяца назад

In the Linux kernel, the following vulnerability has been resolved: s ...

github логотип

GHSA-px3m-8xg9-4vqq

github
около 1 месяца назад

In the Linux kernel, the following vulnerability has been resolved: software node: Correct a OOB check in software_node_get_reference_args() software_node_get_reference_args() wants to get @index-th element, so the property value requires at least '(index + 1) * sizeof(*ref)' bytes but that can not be guaranteed by current OOB check, and may cause OOB for malformed property. Fix by using as OOB check '((index + 1) * sizeof(*ref) > prop->length)'.

EPSS

Процентиль: 8%
0.00035
Низкий

4.4 Medium

CVSS3